base/bif/plugins/Bro_TCP.functions.bif.bro

GLOBAL
Namespace: GLOBAL
Source File: /scripts/base/bif/plugins/Bro_TCP.functions.bif.bro

Summary

Functions

get_contents_file: function Returns the file handle of the contents file of a connection.
get_orig_seq: function Get the originator sequence number of a TCP connection.
get_resp_seq: function Get the responder sequence number of a TCP connection.
set_contents_file: function Associates a file handle with a connection for writing TCP byte stream contents.

Detailed Interface

Functions

get_contents_file
Type: function (cid: conn_id, direction: count) : file

Returns the file handle of the contents file of a connection.

Cid: The connection ID.
Direction: Controls what sides of the connection to record. See set_contents_file for possible values.
Returns: The file handle for the contents file of the connection identified by cid. If the connection exists but there is no contents file for direction, then the function generates an error and returns a file handle to stderr.

See also: set_contents_file, set_record_packets, contents_file_write_failure

get_orig_seq
Type: function (cid: conn_id) : count

Get the originator sequence number of a TCP connection. Sequence numbers are absolute (i.e., they reflect the values seen directly in packet headers; they are not relative to the beginning of the connection).

Cid: The connection ID.
Returns: The highest sequence number sent by a connection’s originator, or 0 if cid does not point to an active TCP connection.

See also: get_resp_seq

get_resp_seq
Type: function (cid: conn_id) : count

Get the responder sequence number of a TCP connection. Sequence numbers are absolute (i.e., they reflect the values seen directly in packet headers; they are not relative to the beginning of the connection).

Cid: The connection ID.
Returns: The highest sequence number sent by a connection’s responder, or 0 if cid does not point to an active TCP connection.

See also: get_orig_seq

set_contents_file
Type: function (cid: conn_id, direction: count, f: file) : bool

Associates a file handle with a connection for writing TCP byte stream contents.

Cid: The connection ID.

Direction: Controls what sides of the connection to record. The argument can take one of the four values:

  • CONTENTS_NONE: Stop recording the connection’s content.
  • CONTENTS_ORIG: Record the data sent by the connection originator (often the client).
  • CONTENTS_RESP: Record the data sent by the connection responder (often the server).
  • CONTENTS_BOTH: Record the data sent in both directions. Results in the two directions being intermixed in the file, in the order the data was seen by Bro.

F: The file handle of the file to write the contents to.

Returns: Returns false if cid does not point to an active connection, and true otherwise.

Note

The data recorded to the file reflects the reassembled byte stream, not the contents of individual packets: reordering and duplicates are removed. If any data is missing, the recording stops at the missing data; this can happen, e.g., due to a content_gap event.

See also: get_contents_file, set_record_packets, contents_file_write_failure
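The following script ties the four functions above together. It is an added example written for this page, not part of the Bro distribution: it records the reassembled byte stream of connections to a chosen responder port with set_contents_file, explains truncated files by handling content_gap and contents_file_write_failure, and reports the absolute sequence numbers from get_orig_seq and get_resp_seq when the connection is removed from state. The module name ContentsDemo, the port set, the output directory and the file naming scheme are assumptions made for the example; the other identifiers are standard Bro events and functions.

```bro
# Added example (not part of the Bro distribution). Module name, port set,
# output directory and file naming scheme are assumptions for this example.
module ContentsDemo;

export {
    ## Responder ports whose connections are recorded (assumed value).
    const record_ports: set[port] = { 80/tcp } &redef;

    ## Directory that receives one contents file per connection (assumed value).
    const contents_dir = "/tmp/bro-contents" &redef;
}

# Open file handles keyed by connection UID, so they can be closed later.
global open_files: table[string] of file;

event bro_init()
    {
    # Make sure the output directory exists before the first open().
    mkdir(contents_dir);
    }

# One distinct file per connection, named after the 4-tuple.
function contents_fname(c: connection): string
    {
    return fmt("%s/%s.%s-%s.%s.bin", contents_dir,
               c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p);
    }

event connection_established(c: connection)
    {
    if ( c$id$resp_p !in record_ports )
        return;

    local f = open(contents_fname(c));

    # CONTENTS_BOTH interleaves both directions in the order Bro saw the data.
    # A false return means cid no longer points to an active connection.
    if ( ! set_contents_file(c$id, CONTENTS_BOTH, f) )
        {
        close(f);
        return;
        }

    open_files[c$uid] = f;
    }

# Recording stops at the first gap, so note it: a short file is then expected.
event content_gap(c: connection, is_orig: bool, seq: count, length: count)
    {
    if ( c$uid !in open_files )
        return;

    print fmt("%s: content gap of %d byte(s) at seq %d (%s); recording stops here",
              c$uid, length, seq, is_orig ? "orig" : "resp");
    }

# Raised when Bro could not write to the contents file (e.g. disk full).
event contents_file_write_failure(c: connection, is_orig: bool, msg: string)
    {
    print fmt("%s: contents file write failure (%s): %s",
              c$uid, is_orig ? "orig" : "resp", msg);
    }

event connection_state_remove(c: connection)
    {
    if ( c$uid !in open_files )
        return;

    # Absolute sequence numbers as seen in the packet headers; both are 0
    # if the connection is no longer an active TCP connection in Bro's state.
    print fmt("%s: highest orig seq %d, highest resp seq %d",
              c$uid, get_orig_seq(c$id), get_resp_seq(c$id));

    # get_contents_file returns the handle set above; CONTENTS_BOTH is valid
    # here because the same handle was registered for both directions.
    local f = get_contents_file(c$id, CONTENTS_BOTH);
    close(f);
    delete open_files[c$uid];
    }
```

Run it against a capture with `bro -r trace.pcap contents_demo.bro` (file name assumed). Because the recorded data is the reassembled stream rather than raw packets, a file that ends early is explained by a preceding content gap message rather than by lost packets in the file itself, and since get_orig_seq and get_resp_seq return absolute values, the difference between the reported sequence number and the connection's initial sequence number, not the number itself, approximates the bytes sent in that direction.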

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.